Written by Adriano Chaves  and Maria Paula Souza, Campos Mello Advogados law firm (Brazil)*

The so-called “Marco Civil da Internet” (i.e. the Bill of Law 2,126/2011, which establishes a civil rights framework for the Internet) was voted and approved by the Brazilian House of Representatives (Câmara dos Deputados) this week. Now it will be submitted to the Senate (Senado). The rumor is that the Government will press the senators to vote the bill with urgency, preferably before the Global Multistakeholder Conference on the Future of Internet Governance, which will be held in Brazil on April 23 and 24, 2014.

In order to have the Bill of Law voted this week, the Executive Branch agreed to exclude the provision that would oblige Internet application providers to store data of Brazilian users in servers in Brazil. In response to alleged surveillance of Brazilians’ data, at the end of last year the Executive Branch had requested the inclusion of an “storage localization” provision; however, the proposal faced  strong opposition of many industry associations, Internet players and congressmen.

Instead of a forced “storage localization” provision, the final version of the Bill of Law contains several other provisions aiming at increasing and ensuring the protection of personal data and privacy. For instance, article 11 establishes that the collection, process or storage of records, personal data or communications by Internet connection providers and Internet application providers in Brazil will be subject to Brazilian law, even if performed by a foreign entity. The Bill also establishes specific penalties in case of violation of such provisions.

Briefly, the Bill of Law (i) establishes and confirms individual rights in the Internet environment (e.g. protection of privacy, freedom of speech and expression, protection of personal data, etc.) and principles like preservation and assurance of neutrality and participatory nature of the Internet; (ii) establishes rules regarding civil liability of intermediary parties (e.g. Internet connection providers and Internet application providers); and (iii) establishes some principles for the action of public authorities in connection with Internet issues.

The final version of the Bill of Law establishes, for instance, that the Internet connection providers are (i) obliged to keep records of the connection access logs in a safe place for one year and (ii) forbidden to keep records of application access logs or to disclose access records to third parties without the person’s consent or a judicial order. There is also a provision obliging Internet application providers that carry out their activity in an organized, professional manner, with economic purposes to keep records of application access logs in a safe place for six months.

One of the most controversial points discussed before the voting was the regulation of the principle of Internet neutrality. Regardless of the pressure from telecom companies, the principle was maintained. According to article 9, the person or entity responsible for transmission, switching or routing of Internet traffic is obliged to treat equally all data packages – i.e. Internet connection providers are not allowed to provide different services or data packages based on the content, origin or destiny of data. Any exception to such principle will need to be regulated by the President through a Decree, after consulting with The Brazilian Internet Steering Committee and The National Telecommunications Agency (ANATEL), and may only result from (i) technical requirements essential to the adequate provision of services and applications; and (ii) prioritization of emergency services.

We cannot anticipate when Marco Civil da Internet will be finally enacted as law, but the expectation is that this will occur soon. We will follow up this voting closely.

* Adriano Chaves and Maria Paula Souza are, respectively, partner and associate with Campos Mello Advogados, an independent law firm in Brazil.